3340d77368
It fixes many buffer overflow in different protocol parsers, but none of them are critical, even in absense of Capsicum. Security: CVE-2016-7922, CVE-2016-7923, CVE-2016-7924, CVE-2016-7925 Security: CVE-2016-7926, CVE-2016-7927, CVE-2016-7928, CVE-2016-7929 Security: CVE-2016-7930, CVE-2016-7931, CVE-2016-7932, CVE-2016-7933 Security: CVE-2016-7934, CVE-2016-7935, CVE-2016-7936, CVE-2016-7937 Security: CVE-2016-7938, CVE-2016-7939, CVE-2016-7940, CVE-2016-7973 Security: CVE-2016-7974, CVE-2016-7975, CVE-2016-7983, CVE-2016-7984 Security: CVE-2016-7985, CVE-2016-7986, CVE-2016-7992, CVE-2016-7993 Security: CVE-2016-8574, CVE-2016-8575, CVE-2017-5202, CVE-2017-5203 Security: CVE-2017-5204, CVE-2017-5205, CVE-2017-5341, CVE-2017-5342 Security: CVE-2017-5482, CVE-2017-5483, CVE-2017-5484, CVE-2017-5485 Security: CVE-2017-5486
123 lines
5.4 KiB
C
123 lines
5.4 KiB
C
/*
|
|
* Copyright (C) Andrew Tridgell 1995-1999
|
|
*
|
|
* This software may be distributed either under the terms of the
|
|
* BSD-style license that accompanies tcpdump or the GNU GPL version 2
|
|
* or later
|
|
*/
|
|
|
|
/* for netdissect_options */
|
|
#include "netdissect.h"
|
|
|
|
/* the complete */
|
|
#define SMBmkdir 0x00 /* create directory */
|
|
#define SMBrmdir 0x01 /* delete directory */
|
|
#define SMBopen 0x02 /* open file */
|
|
#define SMBcreate 0x03 /* create file */
|
|
#define SMBclose 0x04 /* close file */
|
|
#define SMBflush 0x05 /* flush file */
|
|
#define SMBunlink 0x06 /* delete file */
|
|
#define SMBmv 0x07 /* rename file */
|
|
#define SMBgetatr 0x08 /* get file attributes */
|
|
#define SMBsetatr 0x09 /* set file attributes */
|
|
#define SMBread 0x0A /* read from file */
|
|
#define SMBwrite 0x0B /* write to file */
|
|
#define SMBlock 0x0C /* lock byte range */
|
|
#define SMBunlock 0x0D /* unlock byte range */
|
|
#define SMBctemp 0x0E /* create temporary file */
|
|
#define SMBmknew 0x0F /* make new file */
|
|
#define SMBchkpth 0x10 /* check directory path */
|
|
#define SMBexit 0x11 /* process exit */
|
|
#define SMBlseek 0x12 /* seek */
|
|
#define SMBtcon 0x70 /* tree connect */
|
|
#define SMBtconX 0x75 /* tree connect and X*/
|
|
#define SMBtdis 0x71 /* tree disconnect */
|
|
#define SMBnegprot 0x72 /* negotiate protocol */
|
|
#define SMBdskattr 0x80 /* get disk attributes */
|
|
#define SMBsearch 0x81 /* search directory */
|
|
#define SMBsplopen 0xC0 /* open print spool file */
|
|
#define SMBsplwr 0xC1 /* write to print spool file */
|
|
#define SMBsplclose 0xC2 /* close print spool file */
|
|
#define SMBsplretq 0xC3 /* return print queue */
|
|
#define SMBsends 0xD0 /* send single block message */
|
|
#define SMBsendb 0xD1 /* send broadcast message */
|
|
#define SMBfwdname 0xD2 /* forward user name */
|
|
#define SMBcancelf 0xD3 /* cancel forward */
|
|
#define SMBgetmac 0xD4 /* get machine name */
|
|
#define SMBsendstrt 0xD5 /* send start of multi-block message */
|
|
#define SMBsendend 0xD6 /* send end of multi-block message */
|
|
#define SMBsendtxt 0xD7 /* send text of multi-block message */
|
|
|
|
/* Core+ protocol */
|
|
#define SMBlockread 0x13 /* Lock a range and read */
|
|
#define SMBwriteunlock 0x14 /* Unlock a range then write */
|
|
#define SMBreadbraw 0x1a /* read a block of data with no smb header */
|
|
#define SMBwritebraw 0x1d /* write a block of data with no smb header */
|
|
#define SMBwritec 0x20 /* secondary write request */
|
|
#define SMBwriteclose 0x2c /* write a file then close it */
|
|
|
|
/* dos extended protocol */
|
|
#define SMBreadBraw 0x1A /* read block raw */
|
|
#define SMBreadBmpx 0x1B /* read block multiplexed */
|
|
#define SMBreadBs 0x1C /* read block (secondary response) */
|
|
#define SMBwriteBraw 0x1D /* write block raw */
|
|
#define SMBwriteBmpx 0x1E /* write block multiplexed */
|
|
#define SMBwriteBs 0x1F /* write block (secondary request) */
|
|
#define SMBwriteC 0x20 /* write complete response */
|
|
#define SMBsetattrE 0x22 /* set file attributes expanded */
|
|
#define SMBgetattrE 0x23 /* get file attributes expanded */
|
|
#define SMBlockingX 0x24 /* lock/unlock byte ranges and X */
|
|
#define SMBtrans 0x25 /* transaction - name, bytes in/out */
|
|
#define SMBtranss 0x26 /* transaction (secondary request/response) */
|
|
#define SMBioctl 0x27 /* IOCTL */
|
|
#define SMBioctls 0x28 /* IOCTL (secondary request/response) */
|
|
#define SMBcopy 0x29 /* copy */
|
|
#define SMBmove 0x2A /* move */
|
|
#define SMBecho 0x2B /* echo */
|
|
#define SMBopenX 0x2D /* open and X */
|
|
#define SMBreadX 0x2E /* read and X */
|
|
#define SMBwriteX 0x2F /* write and X */
|
|
#define SMBsesssetupX 0x73 /* Session Set Up & X (including User Logon) */
|
|
#define SMBffirst 0x82 /* find first */
|
|
#define SMBfunique 0x83 /* find unique */
|
|
#define SMBfclose 0x84 /* find close */
|
|
#define SMBinvalid 0xFE /* invalid command */
|
|
|
|
/* Extended 2.0 protocol */
|
|
#define SMBtrans2 0x32 /* TRANS2 protocol set */
|
|
#define SMBtranss2 0x33 /* TRANS2 protocol set, secondary command */
|
|
#define SMBfindclose 0x34 /* Terminate a TRANSACT2_FINDFIRST */
|
|
#define SMBfindnclose 0x35 /* Terminate a TRANSACT2_FINDNOTIFYFIRST */
|
|
#define SMBulogoffX 0x74 /* user logoff */
|
|
|
|
/* NT SMB extensions. */
|
|
#define SMBnttrans 0xA0 /* NT transact */
|
|
#define SMBnttranss 0xA1 /* NT transact secondary */
|
|
#define SMBntcreateX 0xA2 /* NT create and X */
|
|
#define SMBntcancel 0xA4 /* NT cancel */
|
|
|
|
/* pathworks special */
|
|
#define pSETDIR '\377'
|
|
|
|
|
|
/* these are the TRANS2 sub commands */
|
|
#define TRANSACT2_OPEN 0
|
|
#define TRANSACT2_FINDFIRST 1
|
|
#define TRANSACT2_FINDNEXT 2
|
|
#define TRANSACT2_QFSINFO 3
|
|
#define TRANSACT2_SETFSINFO 4
|
|
#define TRANSACT2_QPATHINFO 5
|
|
#define TRANSACT2_SETPATHINFO 6
|
|
#define TRANSACT2_QFILEINFO 7
|
|
#define TRANSACT2_SETFILEINFO 8
|
|
#define TRANSACT2_FSCTL 9
|
|
#define TRANSACT2_IOCTL 10
|
|
#define TRANSACT2_FINDNOTIFYFIRST 11
|
|
#define TRANSACT2_FINDNOTIFYNEXT 12
|
|
#define TRANSACT2_MKDIR 13
|
|
|
|
#define PTR_DIFF(p1, p2) ((size_t)(((const char *)(p1)) - (const char *)(p2)))
|
|
|
|
/* some protos */
|
|
const u_char *smb_fdata(netdissect_options *, const u_char *, const char *, const u_char *, int);
|